On Mon, Sep 29, 2008 at 5:11 AM, Jan Matejek <[EMAIL PROTECTED]> wrote: > Brett Cannon napsal(a): >> On Sat, Sep 27, 2008 at 8:54 AM, Victor Stinner >> <[EMAIL PROTECTED]> wrote: >>> First, I would like to access to these informations. Not only this issue, >>> but >>> all security related issues. I have some knowledges about security and I can >>> help to resolve issues and/or estimate the criticity of an issue. >>> >> >> That would require commit privileges first. Don't know if the group >> requires that a person have a decent amount of time committing to the >> core first (I just joined the list in late July). > > commit privileges? > I would be interested in joining the PSRT list too - as a python > maintainer for openSUSE, i think that it would be beneficial for both my > and your work. And i can imagine that maintainers from other > distributions have similar opinion on this ;) > And that does not necessarily mean commit privileges, right? > > Or is this an issue of trust, where "we trust you enough to make changes > to the core" equals "we also trust you enough to see the security issues" ?
Traditionally we have been extremely careful in selecting people to join the PSRT -- basically people that have many years of reputation *within the Python community*. I think we may have to expand our selection creteria, since the existing approach has led to a small PSRT whose members are all too busy to do the necessary legwork. At the same time we need to remain selective -- I don't think having a crowd of hundreds would be productive, and we need to be sure that every single member can absolutely be trusted to take security seriously. To answer your question directly, I don't think that just being the Python maintainer for some Linux distribution is enough to qualify -- if our process worked well enough, you'd be getting the patches from us via some downstream-flowing distribution mechanism that reaches only trusted people within each vendor organization. I don't happen to know you personally -- but perhaps other current members of the PSRT do and that could be enough to secure an invitation. -- --Guido van Rossum (home page: http://www.python.org/~guido/) _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com